smilint output for ./SNMPv2-PARTY-MIB
| Message Severities |
|---|
| Severity | Count |
|---|
| severe | 1 |
| error | 4 |
| minor error | 6 |
| change recommended | 3 |
| warning | 15 |
| fyi | 2 |
| Message Types |
|---|
| Type | Count |
|---|
| basetype-unknown (error) | 1 |
| defval-syntax (error) | 1 |
| group-member-invalid (minor error) | 2 |
| group-membership (change recommended) | 3 |
| identifier-external-redefined (warning) | 2 |
| import-failed (error) | 1 |
| index-element-no-size (minor error) | 3 |
| index-exceeds-too-large (warning) | 3 |
| integer-misuse (warning) | 10 |
| object-identifier-unknown (severe) | 1 |
| previous-definition (fyi) | 2 |
| revision-missing (minor error) | 1 |
| type-unknown (error) | 1 |
Messages:
/home/fenner/mibindex/latest2/SNMPv2-TC
1: -- extracted from rfc2579.txt
2: -- at Fri Dec 24 21:34:57 1999
3:
4: SNMPv2-TC DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: TimeTicks FROM SNMPv2-SMI;
8:
9:
10: -- definition of textual conventions
11:
12: TEXTUAL-CONVENTION MACRO ::=
13: BEGIN
14: TYPE NOTATION ::=
15: DisplayPart
16: "STATUS" Status
17: "DESCRIPTION" Text
18: ReferPart
19: "SYNTAX" Syntax
20:
21: VALUE NOTATION ::=
22: value(VALUE Syntax) -- adapted ASN.1
23:
24: DisplayPart ::=
25: "DISPLAY-HINT" Text
26: | empty
27:
28: Status ::=
29: "current"
30: | "deprecated"
31: | "obsolete"
32:
33: ReferPart ::=
34: "REFERENCE" Text
35: | empty
36:
37: -- a character string as defined in [2]
38: Text ::= value(IA5String)
39:
40: Syntax ::= -- Must be one of the following:
41: -- a base type (or its refinement), or
42: -- a BITS pseudo-type
43: type
44: | "BITS" "{" NamedBits "}"
45:
46: NamedBits ::= NamedBit
47: | NamedBits "," NamedBit
48:
49: NamedBit ::= identifier "(" number ")" -- number is nonnegative
50:
51: END
52:
53:
54:
55:
56: DisplayString ::= TEXTUAL-CONVENTION
57: DISPLAY-HINT "255a"
58: STATUS current
59: DESCRIPTION
60: "Represents textual information taken from the NVT ASCII
61: character set, as defined in pages 4, 10-11 of RFC 854.
62:
63: To summarize RFC 854, the NVT ASCII repertoire specifies:
64:
65: - the use of character codes 0-127 (decimal)
66:
67: - the graphics characters (32-126) are interpreted as
68: US ASCII
69:
70: - NUL, LF, CR, BEL, BS, HT, VT and FF have the special
71: meanings specified in RFC 854
72:
73: - the other 25 codes have no standard interpretation
74:
75: - the sequence 'CR LF' means newline
76:
77: - the sequence 'CR NUL' means carriage-return
78:
79: - an 'LF' not preceded by a 'CR' means moving to the
80: same column on the next line.
81:
82: - the sequence 'CR x' for any x other than LF or NUL is
83: illegal. (Note that this also means that a string may
84: end with either 'CR LF' or 'CR NUL', but not with CR.)
85:
86: Any object defined using this syntax may not exceed 255
87: characters in length."
88: SYNTAX OCTET STRING (SIZE (0..255))
89:
90: PhysAddress ::= TEXTUAL-CONVENTION
91: DISPLAY-HINT "1x:"
92: STATUS current
93: DESCRIPTION
94: "Represents media- or physical-level addresses."
95: SYNTAX OCTET STRING
96:
97:
98: MacAddress ::= TEXTUAL-CONVENTION
99: DISPLAY-HINT "1x:"
100: STATUS current
101: DESCRIPTION
102: "Represents an 802 MAC address represented in the
103: `canonical' order defined by IEEE 802.1a, i.e., as if it
104: were transmitted least significant bit first, even though
105: 802.5 (in contrast to other 802.x protocols) requires MAC
106: addresses to be transmitted most significant bit first."
107: SYNTAX OCTET STRING (SIZE (6))
108:
109: TruthValue ::= TEXTUAL-CONVENTION
110: STATUS current
111: DESCRIPTION
112: "Represents a boolean value."
113: SYNTAX INTEGER { true(1), false(2) }
114:
115: TestAndIncr ::= TEXTUAL-CONVENTION
116: STATUS current
117: DESCRIPTION
118: "Represents integer-valued information used for atomic
119: operations. When the management protocol is used to specify
120: that an object instance having this syntax is to be
121: modified, the new value supplied via the management protocol
122: must precisely match the value presently held by the
123: instance. If not, the management protocol set operation
124: fails with an error of `inconsistentValue'. Otherwise, if
125: the current value is the maximum value of 2^31-1 (2147483647
126: decimal), then the value held by the instance is wrapped to
127: zero; otherwise, the value held by the instance is
128: incremented by one. (Note that regardless of whether the
129: management protocol set operation succeeds, the variable-
130: binding in the request and response PDUs are identical.)
131:
132: The value of the ACCESS clause for objects having this
133: syntax is either `read-write' or `read-create'. When an
134: instance of a columnar object having this syntax is created,
135: any value may be supplied via the management protocol.
136:
137: When the network management portion of the system is re-
138: initialized, the value of every object instance having this
139: syntax must either be incremented from its value prior to
140: the re-initialization, or (if the value prior to the re-
141: initialization is unknown) be set to a pseudo-randomly
142: generated value."
143: SYNTAX INTEGER (0..2147483647)
144:
145: AutonomousType ::= TEXTUAL-CONVENTION
146: STATUS current
147: DESCRIPTION
148: "Represents an independently extensible type identification
149: value. It may, for example, indicate a particular sub-tree
150: with further MIB definitions, or define a particular type of
151: protocol or hardware."
152: SYNTAX OBJECT IDENTIFIER
153:
154:
155: InstancePointer ::= TEXTUAL-CONVENTION
156: STATUS obsolete
157: DESCRIPTION
158: "A pointer to either a specific instance of a MIB object or
159: a conceptual row of a MIB table in the managed device. In
160: the latter case, by convention, it is the name of the
161: particular instance of the first accessible columnar object
162: in the conceptual row.
163:
164: The two uses of this textual convention are replaced by
165: VariablePointer and RowPointer, respectively."
166: SYNTAX OBJECT IDENTIFIER
167:
168:
169: VariablePointer ::= TEXTUAL-CONVENTION
170: STATUS current
171: DESCRIPTION
172: "A pointer to a specific object instance. For example,
173: sysContact.0 or ifInOctets.3."
174: SYNTAX OBJECT IDENTIFIER
175:
176:
177: RowPointer ::= TEXTUAL-CONVENTION
178: STATUS current
179: DESCRIPTION
180: "Represents a pointer to a conceptual row. The value is the
181: name of the instance of the first accessible columnar object
182: in the conceptual row.
183:
184: For example, ifIndex.3 would point to the 3rd row in the
185: ifTable (note that if ifIndex were not-accessible, then
186: ifDescr.3 would be used instead)."
187: SYNTAX OBJECT IDENTIFIER
188:
189: RowStatus ::= TEXTUAL-CONVENTION
190: STATUS current
191: DESCRIPTION
192: "The RowStatus textual convention is used to manage the
193: creation and deletion of conceptual rows, and is used as the
194: value of the SYNTAX clause for the status column of a
195: conceptual row (as described in Section 7.7.1 of [2].)
196: The status column has six defined values:
197:
198: - `active', which indicates that the conceptual row is
199: available for use by the managed device;
200:
201: - `notInService', which indicates that the conceptual
202: row exists in the agent, but is unavailable for use by
203: the managed device (see NOTE below); 'notInService' has
204: no implication regarding the internal consistency of
205: the row, availability of resources, or consistency with
206: the current state of the managed device;
207:
208: - `notReady', which indicates that the conceptual row
209: exists in the agent, but is missing information
210: necessary in order to be available for use by the
211: managed device (i.e., one or more required columns in
212: the conceptual row have not been instanciated);
213:
214: - `createAndGo', which is supplied by a management
215: station wishing to create a new instance of a
216: conceptual row and to have its status automatically set
217: to active, making it available for use by the managed
218: device;
219:
220: - `createAndWait', which is supplied by a management
221: station wishing to create a new instance of a
222: conceptual row (but not make it available for use by
223: the managed device); and,
224:
225: - `destroy', which is supplied by a management station
226: wishing to delete all of the instances associated with
227: an existing conceptual row.
228:
229: Whereas five of the six values (all except `notReady') may
230: be specified in a management protocol set operation, only
231: three values will be returned in response to a management
232: protocol retrieval operation: `notReady', `notInService' or
233: `active'. That is, when queried, an existing conceptual row
234: has only three states: it is either available for use by
235: the managed device (the status column has value `active');
236: it is not available for use by the managed device, though
237: the agent has sufficient information to attempt to make it
238: so (the status column has value `notInService'); or, it is
239: not available for use by the managed device, and an attempt
240: to make it so would fail because the agent has insufficient
241: information (the state column has value `notReady').
242: NOTE WELL
243:
244: This textual convention may be used for a MIB table,
245: irrespective of whether the values of that table's
246: conceptual rows are able to be modified while it is
247: active, or whether its conceptual rows must be taken
248: out of service in order to be modified. That is, it is
249: the responsibility of the DESCRIPTION clause of the
250: status column to specify whether the status column must
251: not be `active' in order for the value of some other
252: column of the same conceptual row to be modified. If
253: such a specification is made, affected columns may be
254: changed by an SNMP set PDU if the RowStatus would not
255: be equal to `active' either immediately before or after
256: processing the PDU. In other words, if the PDU also
257: contained a varbind that would change the RowStatus
258: value, the column in question may be changed if the
259: RowStatus was not equal to `active' as the PDU was
260: received, or if the varbind sets the status to a value
261: other than 'active'.
262:
263:
264: Also note that whenever any elements of a row exist, the
265: RowStatus column must also exist.
266: To summarize the effect of having a conceptual row with a
267: status column having a SYNTAX clause value of RowStatus,
268: consider the following state diagram:
269:
270:
271: STATE
272: +--------------+-----------+-------------+-------------
273: | A | B | C | D
274: | |status col.|status column|
275: |status column | is | is |status column
276: ACTION |does not exist| notReady | notInService| is active
277: --------------+--------------+-----------+-------------+-------------
278: set status |noError ->D|inconsist- |inconsistent-|inconsistent-
279: column to | or | entValue| Value| Value
280: createAndGo |inconsistent- | | |
281: | Value| | |
282: --------------+--------------+-----------+-------------+-------------
283: set status |noError see 1|inconsist- |inconsistent-|inconsistent-
284: column to | or | entValue| Value| Value
285: createAndWait |wrongValue | | |
286: --------------+--------------+-----------+-------------+-------------
287: set status |inconsistent- |inconsist- |noError |noError
288: column to | Value| entValue| |
289: active | | | |
290: | | or | |
291: | | | |
292: | |see 2 ->D|see 8 ->D| ->D
293: --------------+--------------+-----------+-------------+-------------
294: set status |inconsistent- |inconsist- |noError |noError ->C
295: column to | Value| entValue| |
296: notInService | | | |
297: | | or | | or
298: | | | |
299: | |see 3 ->C| ->C|see 6
300: --------------+--------------+-----------+-------------+-------------
301: set status |noError |noError |noError |noError ->A
302: column to | | | | or
303: destroy | ->A| ->A| ->A|see 7
304: --------------+--------------+-----------+-------------+-------------
305: set any other |see 4 |noError |noError |see 5
306: column to some| | | |
307: value | | see 1| ->C| ->D
308: --------------+--------------+-----------+-------------+-------------
309:
310: (1) goto B or C, depending on information available to the
311: agent.
312:
313: (2) if other variable bindings included in the same PDU,
314: provide values for all columns which are missing but
315: required, and all columns have acceptable values, then
316: return noError and goto D.
317:
318: (3) if other variable bindings included in the same PDU,
319: provide legal values for all columns which are missing but
320: required, then return noError and goto C.
321:
322: (4) at the discretion of the agent, the return value may be
323: either:
324:
325: inconsistentName: because the agent does not choose to
326: create such an instance when the corresponding
327: RowStatus instance does not exist, or
328:
329: inconsistentValue: if the supplied value is
330: inconsistent with the state of some other MIB object's
331: value, or
332:
333: noError: because the agent chooses to create the
334: instance.
335:
336: If noError is returned, then the instance of the status
337: column must also be created, and the new state is B or C,
338: depending on the information available to the agent. If
339: inconsistentName or inconsistentValue is returned, the row
340: remains in state A.
341:
342: (5) depending on the MIB definition for the column/table,
343: either noError or inconsistentValue may be returned.
344:
345: (6) the return value can indicate one of the following
346: errors:
347:
348: wrongValue: because the agent does not support
349: notInService (e.g., an agent which does not support
350: createAndWait), or
351:
352: inconsistentValue: because the agent is unable to take
353: the row out of service at this time, perhaps because it
354: is in use and cannot be de-activated.
355:
356: (7) the return value can indicate the following error:
357:
358: inconsistentValue: because the agent is unable to
359: remove the row at this time, perhaps because it is in
360: use and cannot be de-activated.
361:
362: (8) the transition to D can fail, e.g., if the values of the
363: conceptual row are inconsistent, then the error code would
364: be inconsistentValue.
365:
366: NOTE: Other processing of (this and other varbinds of) the
367: set request may result in a response other than noError
368: being returned, e.g., wrongValue, noCreation, etc.
369:
370:
371: Conceptual Row Creation
372:
373: There are four potential interactions when creating a
374: conceptual row: selecting an instance-identifier which is
375: not in use; creating the conceptual row; initializing any
376: objects for which the agent does not supply a default; and,
377: making the conceptual row available for use by the managed
378: device.
379:
380: Interaction 1: Selecting an Instance-Identifier
381:
382: The algorithm used to select an instance-identifier varies
383: for each conceptual row. In some cases, the instance-
384: identifier is semantically significant, e.g., the
385: destination address of a route, and a management station
386: selects the instance-identifier according to the semantics.
387:
388: In other cases, the instance-identifier is used solely to
389: distinguish conceptual rows, and a management station
390: without specific knowledge of the conceptual row might
391: examine the instances present in order to determine an
392: unused instance-identifier. (This approach may be used, but
393: it is often highly sub-optimal; however, it is also a
394: questionable practice for a naive management station to
395: attempt conceptual row creation.)
396:
397: Alternately, the MIB module which defines the conceptual row
398: might provide one or more objects which provide assistance
399: in determining an unused instance-identifier. For example,
400: if the conceptual row is indexed by an integer-value, then
401: an object having an integer-valued SYNTAX clause might be
402: defined for such a purpose, allowing a management station to
403: issue a management protocol retrieval operation. In order
404: to avoid unnecessary collisions between competing management
405: stations, `adjacent' retrievals of this object should be
406: different.
407:
408: Finally, the management station could select a pseudo-random
409: number to use as the index. In the event that this index
410: was already in use and an inconsistentValue was returned in
411: response to the management protocol set operation, the
412: management station should simply select a new pseudo-random
413: number and retry the operation.
414:
415: A MIB designer should choose between the two latter
416: algorithms based on the size of the table (and therefore the
417: efficiency of each algorithm). For tables in which a large
418: number of entries are expected, it is recommended that a MIB
419: object be defined that returns an acceptable index for
420: creation. For tables with small numbers of entries, it is
421: recommended that the latter pseudo-random index mechanism be
422: used.
423:
424: Interaction 2: Creating the Conceptual Row
425:
426: Once an unused instance-identifier has been selected, the
427: management station determines if it wishes to create and
428: activate the conceptual row in one transaction or in a
429: negotiated set of interactions.
430:
431: Interaction 2a: Creating and Activating the Conceptual Row
432:
433: The management station must first determine the column
434: requirements, i.e., it must determine those columns for
435: which it must or must not provide values. Depending on the
436: complexity of the table and the management station's
437: knowledge of the agent's capabilities, this determination
438: can be made locally by the management station. Alternately,
439: the management station issues a management protocol get
440: operation to examine all columns in the conceptual row that
441: it wishes to create. In response, for each column, there
442: are three possible outcomes:
443:
444: - a value is returned, indicating that some other
445: management station has already created this conceptual
446: row. We return to interaction 1.
447:
448: - the exception `noSuchInstance' is returned,
449: indicating that the agent implements the object-type
450: associated with this column, and that this column in at
451: least one conceptual row would be accessible in the MIB
452: view used by the retrieval were it to exist. For those
453: columns to which the agent provides read-create access,
454: the `noSuchInstance' exception tells the management
455: station that it should supply a value for this column
456: when the conceptual row is to be created.
457: - the exception `noSuchObject' is returned, indicating
458: that the agent does not implement the object-type
459: associated with this column or that there is no
460: conceptual row for which this column would be
461: accessible in the MIB view used by the retrieval. As
462: such, the management station can not issue any
463: management protocol set operations to create an
464: instance of this column.
465:
466: Once the column requirements have been determined, a
467: management protocol set operation is accordingly issued.
468: This operation also sets the new instance of the status
469: column to `createAndGo'.
470:
471: When the agent processes the set operation, it verifies that
472: it has sufficient information to make the conceptual row
473: available for use by the managed device. The information
474: available to the agent is provided by two sources: the
475: management protocol set operation which creates the
476: conceptual row, and, implementation-specific defaults
477: supplied by the agent (note that an agent must provide
478: implementation-specific defaults for at least those objects
479: which it implements as read-only). If there is sufficient
480: information available, then the conceptual row is created, a
481: `noError' response is returned, the status column is set to
482: `active', and no further interactions are necessary (i.e.,
483: interactions 3 and 4 are skipped). If there is insufficient
484: information, then the conceptual row is not created, and the
485: set operation fails with an error of `inconsistentValue'.
486: On this error, the management station can issue a management
487: protocol retrieval operation to determine if this was
488: because it failed to specify a value for a required column,
489: or, because the selected instance of the status column
490: already existed. In the latter case, we return to
491: interaction 1. In the former case, the management station
492: can re-issue the set operation with the additional
493: information, or begin interaction 2 again using
494: `createAndWait' in order to negotiate creation of the
495: conceptual row.
496: NOTE WELL
497:
498: Regardless of the method used to determine the column
499: requirements, it is possible that the management
500: station might deem a column necessary when, in fact,
501: the agent will not allow that particular columnar
502: instance to be created or written. In this case, the
503: management protocol set operation will fail with an
504: error such as `noCreation' or `notWritable'. In this
505: case, the management station decides whether it needs
506: to be able to set a value for that particular columnar
507: instance. If not, the management station re-issues the
508: management protocol set operation, but without setting
509: a value for that particular columnar instance;
510: otherwise, the management station aborts the row
511: creation algorithm.
512:
513: Interaction 2b: Negotiating the Creation of the Conceptual
514: Row
515:
516: The management station issues a management protocol set
517: operation which sets the desired instance of the status
518: column to `createAndWait'. If the agent is unwilling to
519: process a request of this sort, the set operation fails with
520: an error of `wrongValue'. (As a consequence, such an agent
521: must be prepared to accept a single management protocol set
522: operation, i.e., interaction 2a above, containing all of the
523: columns indicated by its column requirements.) Otherwise,
524: the conceptual row is created, a `noError' response is
525: returned, and the status column is immediately set to either
526: `notInService' or `notReady', depending on whether it has
527: sufficient information to (attempt to) make the conceptual
528: row available for use by the managed device. If there is
529: sufficient information available, then the status column is
530: set to `notInService'; otherwise, if there is insufficient
531: information, then the status column is set to `notReady'.
532: Regardless, we proceed to interaction 3.
533:
534: Interaction 3: Initializing non-defaulted Objects
535:
536: The management station must now determine the column
537: requirements. It issues a management protocol get operation
538: to examine all columns in the created conceptual row. In
539: the response, for each column, there are three possible
540: outcomes:
541: - a value is returned, indicating that the agent
542: implements the object-type associated with this column
543: and had sufficient information to provide a value. For
544: those columns to which the agent provides read-create
545: access (and for which the agent allows their values to
546: be changed after their creation), a value return tells
547: the management station that it may issue additional
548: management protocol set operations, if it desires, in
549: order to change the value associated with this column.
550:
551: - the exception `noSuchInstance' is returned,
552: indicating that the agent implements the object-type
553: associated with this column, and that this column in at
554: least one conceptual row would be accessible in the MIB
555: view used by the retrieval were it to exist. However,
556: the agent does not have sufficient information to
557: provide a value, and until a value is provided, the
558: conceptual row may not be made available for use by the
559: managed device. For those columns to which the agent
560: provides read-create access, the `noSuchInstance'
561: exception tells the management station that it must
562: issue additional management protocol set operations, in
563: order to provide a value associated with this column.
564:
565: - the exception `noSuchObject' is returned, indicating
566: that the agent does not implement the object-type
567: associated with this column or that there is no
568: conceptual row for which this column would be
569: accessible in the MIB view used by the retrieval. As
570: such, the management station can not issue any
571: management protocol set operations to create an
572: instance of this column.
573:
574: If the value associated with the status column is
575: `notReady', then the management station must first deal with
576: all `noSuchInstance' columns, if any. Having done so, the
577: value of the status column becomes `notInService', and we
578: proceed to interaction 4.
579: Interaction 4: Making the Conceptual Row Available
580:
581: Once the management station is satisfied with the values
582: associated with the columns of the conceptual row, it issues
583: a management protocol set operation to set the status column
584: to `active'. If the agent has sufficient information to
585: make the conceptual row available for use by the managed
586: device, the management protocol set operation succeeds (a
587: `noError' response is returned). Otherwise, the management
588: protocol set operation fails with an error of
589: `inconsistentValue'.
590:
591: NOTE WELL
592:
593: A conceptual row having a status column with value
594: `notInService' or `notReady' is unavailable to the
595: managed device. As such, it is possible for the
596: managed device to create its own instances during the
597: time between the management protocol set operation
598: which sets the status column to `createAndWait' and the
599: management protocol set operation which sets the status
600: column to `active'. In this case, when the management
601: protocol set operation is issued to set the status
602: column to `active', the values held in the agent
603: supersede those used by the managed device.
604:
605: If the management station is prevented from setting the
606: status column to `active' (e.g., due to management station
607: or network failure) the conceptual row will be left in the
608: `notInService' or `notReady' state, consuming resources
609: indefinitely. The agent must detect conceptual rows that
610: have been in either state for an abnormally long period of
611: time and remove them. It is the responsibility of the
612: DESCRIPTION clause of the status column to indicate what an
613: abnormally long period of time would be. This period of
614: time should be long enough to allow for human response time
615: (including `think time') between the creation of the
616: conceptual row and the setting of the status to `active'.
617: In the absence of such information in the DESCRIPTION
618: clause, it is suggested that this period be approximately 5
619: minutes in length. This removal action applies not only to
620: newly-created rows, but also to previously active rows which
621: are set to, and left in, the notInService state for a
622: prolonged period exceeding that which is considered normal
623: for such a conceptual row.
624: Conceptual Row Suspension
625:
626: When a conceptual row is `active', the management station
627: may issue a management protocol set operation which sets the
628: instance of the status column to `notInService'. If the
629: agent is unwilling to do so, the set operation fails with an
630: error of `wrongValue' or `inconsistentValue'. Otherwise,
631: the conceptual row is taken out of service, and a `noError'
632: response is returned. It is the responsibility of the
633: DESCRIPTION clause of the status column to indicate under
634: what circumstances the status column should be taken out of
635: service (e.g., in order for the value of some other column
636: of the same conceptual row to be modified).
637:
638:
639: Conceptual Row Deletion
640:
641: For deletion of conceptual rows, a management protocol set
642: operation is issued which sets the instance of the status
643: column to `destroy'. This request may be made regardless of
644: the current value of the status column (e.g., it is possible
645: to delete conceptual rows which are either `notReady',
646: `notInService' or `active'.) If the operation succeeds,
647: then all instances associated with the conceptual row are
648: immediately removed."
649: SYNTAX INTEGER {
650: -- the following two values are states:
651: -- these values may be read or written
652: active(1),
653: notInService(2),
654:
655: -- the following value is a state:
656: -- this value may be read, but not written
657: notReady(3),
658:
659: -- the following three values are
660: -- actions: these values may be written,
661: -- but are never read
662: createAndGo(4),
663: createAndWait(5),
664: destroy(6)
665: }
666:
667: TimeStamp ::= TEXTUAL-CONVENTION
668: STATUS current
669: DESCRIPTION
670: "The value of the sysUpTime object at which a specific
671: occurrence happened. The specific occurrence must be
672: defined in the description of any object defined using this
673: type.
674:
675: If sysUpTime is reset to zero as a result of a re-
676: initialization of the network management (sub)system, then
677: the values of all TimeStamp objects are also reset.
678: However, after approximately 497 days without a re-
679: initialization, the sysUpTime object will reach 2^^32-1 and
680: then increment around to zero; in this case, existing values
681: of TimeStamp objects do not change. This can lead to
682: ambiguities in the value of TimeStamp objects."
683: SYNTAX TimeTicks
684:
685:
686: TimeInterval ::= TEXTUAL-CONVENTION
687: STATUS current
688: DESCRIPTION
689: "A period of time, measured in units of 0.01 seconds."
690: SYNTAX INTEGER (0..2147483647)
691:
692: DateAndTime ::= TEXTUAL-CONVENTION
693: DISPLAY-HINT "2d-1d-1d,1d:1d:1d.1d,1a1d:1d"
694: STATUS current
695: DESCRIPTION
696: "A date-time specification.
697:
698: field octets contents range
699: ----- ------ -------- -----
700: 1 1-2 year* 0..65536
701: 2 3 month 1..12
702: 3 4 day 1..31
703: 4 5 hour 0..23
704: 5 6 minutes 0..59
705: 6 7 seconds 0..60
706: (use 60 for leap-second)
707: 7 8 deci-seconds 0..9
708: 8 9 direction from UTC '+' / '-'
709: 9 10 hours from UTC* 0..13
710: 10 11 minutes from UTC 0..59
711:
712: * Notes:
713: - the value of year is in network-byte order
714: - daylight saving time in New Zealand is +13
715:
716: For example, Tuesday May 26, 1992 at 1:30:15 PM EDT would be
717: displayed as:
718:
719: 1992-5-26,13:30:15.0,-4:0
720:
721: Note that if only local time is known, then timezone
722: information (fields 8-10) is not present."
723: SYNTAX OCTET STRING (SIZE (8 | 11))
724:
725:
726: StorageType ::= TEXTUAL-CONVENTION
726: fyi -
info: previous definition of `StorageType'
727: STATUS current
728: DESCRIPTION
729: "Describes the memory realization of a conceptual row. A
730: row which is volatile(2) is lost upon reboot. A row which
731: is either nonVolatile(3), permanent(4) or readOnly(5), is
732: backed up by stable storage. A row which is permanent(4)
733: can be changed but not deleted. A row which is readOnly(5)
734: cannot be changed nor deleted.
735:
736: If the value of an object with this syntax is either
737: permanent(4) or readOnly(5), it cannot be written.
738: Conversely, if the value is either other(1), volatile(2) or
739: nonVolatile(3), it cannot be modified to be permanent(4) or
740: readOnly(5). (All illegal modifications result in a
741: 'wrongValue' error.)
742:
743: Every usage of this textual convention is required to
744: specify the columnar objects which a permanent(4) row must
745: at a minimum allow to be writable."
746: SYNTAX INTEGER {
747: other(1), -- eh?
748: volatile(2), -- e.g., in RAM
749: nonVolatile(3), -- e.g., in NVRAM
750: permanent(4), -- e.g., partially in ROM
751: readOnly(5) -- e.g., completely in ROM
752: }
753:
754: TDomain ::= TEXTUAL-CONVENTION
755: STATUS current
756: DESCRIPTION
757: "Denotes a kind of transport service.
758:
759: Some possible values, such as snmpUDPDomain, are defined in
760: the SNMPv2-TM MIB module. Other possible values are defined
761: in other MIB modules."
762: REFERENCE "The SNMPv2-TM MIB module is defined in RFC 1906."
763: SYNTAX OBJECT IDENTIFIER
764:
765:
766: TAddress ::= TEXTUAL-CONVENTION
766: fyi -
info: previous definition of `TAddress'
767: STATUS current
768: DESCRIPTION
769: "Denotes a transport service address.
770:
771: A TAddress value is always interpreted within the context of a
772: TDomain value. Thus, each definition of a TDomain value must
773: be accompanied by a definition of a textual convention for use
774: with that TDomain. Some possible textual conventions, such as
775: SnmpUDPAddress for snmpUDPDomain, are defined in the SNMPv2-TM
776: MIB module. Other possible textual conventions are defined in
777: other MIB modules."
778: REFERENCE "The SNMPv2-TM MIB module is defined in RFC 1906."
779: SYNTAX OCTET STRING (SIZE (1..255))
780:
781:
782: END
783:
784: --
785: -- Copyright (C) The Internet Society (1999). All Rights Reserved.
786: --
787: -- This document and translations of it may be copied and furnished to
788: -- others, and derivative works that comment on or otherwise explain it
789: -- or assist in its implementation may be prepared, copied, published
790: -- and distributed, in whole or in part, without restriction of any
791: -- kind, provided that the above copyright notice and this paragraph are
792: -- included on all such copies and derivative works. However, this
793: -- document itself may not be modified in any way, such as by removing
794: -- the copyright notice or references to the Internet Society or other
795: -- Internet organizations, except as needed for the purpose of
796: -- developing Internet standards in which case the procedures for
797: -- copyrights defined in the Internet Standards process must be
798: -- followed, or as required to translate it into languages other than
799: -- English.
800: --
801: -- The limited permissions granted above are perpetual and will not be
802: -- revoked by the Internet Society or its successors or assigns.
803: --
804: -- This document and the information contained herein is provided on an
805: -- "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
806: -- TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
807: -- BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
808: -- HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
809: -- MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE."
810:
SNMPv2-PARTY-MIB
1: -- extracted from rfc1447.txt
2: -- at Mon Nov 15 17:11:56 1999
3:
4: SNMPv2-PARTY-MIB DEFINITIONS ::= BEGIN
5:
6: IMPORTS
7: MODULE-IDENTITY, OBJECT-TYPE, snmpModules,
8: UInteger32
9: FROM SNMPv2-SMI
9: error -
identifier `UInteger32' cannot be imported from module `SNMPv2-SMI'
10: TEXTUAL-CONVENTION, RowStatus, TruthValue
11: FROM SNMPv2-TC
12: MODULE-COMPLIANCE, OBJECT-GROUP
13: FROM SNMPv2-CONF;
14:
15:
16: partyMIB MODULE-IDENTITY
17: LAST-UPDATED "9304010000Z"
18: ORGANIZATION "IETF SNMP Security Working Group"
19: CONTACT-INFO
20: " Keith McCloghrie
21:
22: Postal: Hughes LAN Systems
23: 1225 Charleston Road
24: Mountain View, CA 94043
25: US
26:
27: Tel: +1 415 966 7934
28: Fax: +1 415 960 3738
29:
30: E-mail: kzm@hls.com"
31: DESCRIPTION
32: "The MIB module describing SNMPv2 parties."
33: ::= { snmpModules 3 }
33: minor error -
revision for last update is missing
34:
35: -- textual conventions
36:
37: Party ::= TEXTUAL-CONVENTION
38: STATUS current
39: DESCRIPTION
40: "Denotes a SNMPv2 party identifier.
41:
42: Note that agents may impose implementation
43: limitations on the length of OIDs used to identify
44: Parties. As such, management stations creating
45: new parties should be aware that using an
46: excessively long OID may result in the agent
47: refusing to perform the set operation and instead
48: returning the appropriate error response, e.g.,
49: noCreation."
50: SYNTAX OBJECT IDENTIFIER
51:
52:
53: TAddress ::= TEXTUAL-CONVENTION
53: warning -
warning: redefinition of identifier `SNMPv2-TC::TAddress'
54: STATUS current
55: DESCRIPTION
56: "Denotes a transport service address.
57:
58: For snmpUDPDomain, a TAddress is 6 octets long,
59: the initial 4 octets containing the IP-address in
60: network-byte order and the last 2 containing the
61: UDP port in network-byte order. Consult [5] for
62: further information on snmpUDPDomain."
63: SYNTAX OCTET STRING
64:
65: Clock ::= TEXTUAL-CONVENTION
66: STATUS current
67: DESCRIPTION
68: "A party's authentication clock - a non-negative
69: integer which is incremented as specified/allowed
70: by the party's Authentication Protocol.
71:
72: For noAuth, a party's authentication clock is
73: unused and its value is undefined.
74:
75: For v2md5AuthProtocol, a party's authentication
76: clock is a relative clock with 1-second
77: granularity."
78: SYNTAX UInteger32
79:
80:
81: Context ::= TEXTUAL-CONVENTION
81: error -
unknown type `UInteger32'
82: STATUS current
83: DESCRIPTION
84: "Denotes a SNMPv2 context identifier.
85:
86: Note that agents may impose implementation
87: limitations on the length of OIDs used to identify
88: Contexts. As such, management stations creating new
89: contexts should be aware that using an excessively
90: long OID may result in the agent refusing to
91: perform the set operation and instead returning
92: the appropriate error response, e.g., noCreation."
93: SYNTAX OBJECT IDENTIFIER
94:
95: StorageType ::= TEXTUAL-CONVENTION
95: warning -
warning: redefinition of identifier `SNMPv2-TC::StorageType'
96: STATUS current
97: DESCRIPTION
98: "Describes the memory realization of a conceptual
99: row. A row which is volatile(2) is lost upon
100: reboot. A row which is nonVolatile(3) is backed
101: up by stable storage. A row which is permanent(4)
102: cannot be changed nor deleted."
103: SYNTAX INTEGER {
104: other(1), -- eh?
105: volatile(2), -- e.g., in RAM
106: nonVolatile(3), -- e.g., in NVRAM
107: permanent(4) -- e.g., in ROM
108: }
109:
110: -- administrative assignments
111:
112: partyAdmin OBJECT IDENTIFIER ::= { partyMIB 1 }
113:
114:
115: -- definitions of security protocols
116:
117: partyProtocols OBJECT IDENTIFIER ::= { partyAdmin 1 }
118:
119: -- the protocol without authentication
120: noAuth OBJECT IDENTIFIER ::= { partyProtocols 1 }
121:
122: -- the protocol without privacy
123: noPriv OBJECT IDENTIFIER ::= { partyProtocols 2 }
124:
125: -- the DES Privacy Protocol [4]
126: desPrivProtocol
127: OBJECT IDENTIFIER ::= { partyProtocols 3 }
128:
129: -- the MD5 Authentication Protocol [4]
130: v2md5AuthProtocol
131: OBJECT IDENTIFIER ::= { partyProtocols 4 }
132:
133:
134: -- definitions of temporal domains
135:
136: temporalDomains
137: OBJECT IDENTIFIER ::= { partyAdmin 2 }
138:
139: -- this temporal domain refers to management information
140: -- at the current time
141: currentTime OBJECT IDENTIFIER ::= { temporalDomains 1 }
142:
143: -- this temporal domain refers to management information
144: -- upon the next re-initialization of the managed device
145: restartTime OBJECT IDENTIFIER ::= { temporalDomains 2 }
146:
147: -- the temporal domain { cacheTime N } refers to management
148: -- information that is cached and guaranteed to be at most
149: -- N seconds old
150: cacheTime OBJECT IDENTIFIER ::= { temporalDomains 3 }
151: -- Definition of Initial Party and Context Identifiers
152:
153: -- When devices are installed, they need to be configured
154: -- with an initial set of SNMPv2 parties and contexts. The
155: -- configuration of SNMPv2 parties and contexts requires (among
156: -- other things) the assignment of several OBJECT IDENTIFIERs.
157: -- Any local network administration can obtain the delegated
158: -- authority necessary to assign its own OBJECT IDENTIFIERs.
159: -- However, to provide for those administrations who have not
160: -- obtained the necessary authority, this document allocates a
161: -- branch of the naming tree for use with the following
162: -- conventions.
163:
164: initialPartyId OBJECT IDENTIFIER ::= { partyAdmin 3 }
165:
166: initialContextId
167: OBJECT IDENTIFIER ::= { partyAdmin 4 }
168:
169: -- Note these are identified as "initial" party and context
170: -- identifiers since these allow secure SNMPv2 communication
171: -- to proceed, thereby allowing further SNMPv2 parties to be
172: -- configured through use of the SNMPv2 itself.
173:
174: -- The following definitions identify a party identifier, and
175: -- specify the initial values of various object instances
176: -- indexed by that identifier. In addition, the SNMPv2
177: -- context, access control policy, and MIB view information
178: -- assigned, by convention, are identified.
179: -- Party Identifiers for use as initial SNMPv2 parties
180: -- at IP address a.b.c.d
181:
182: -- Note that for all OBJECT IDENTIFIERs assigned under
183: -- initialPartyId, the four sub-identifiers immediately
184: -- following initialPartyId represent the four octets of
185: -- an IP address. Initial party identifiers for other address
186: -- families are assigned under a different OBJECT IDENTIFIER,
187: -- as defined elsewhere.
188:
189: -- Devices which support SNMPv2 as entities acting in an
190: -- agent role, and accessed via the snmpUDPDomain transport
191: -- domain, are required to be configured with the appropriate
192: -- set of the following as implicit assignments as and when
193: -- they are configured with an IP address. The appropriate
194: -- set is all those applicable to the authentication and
195: -- privacy protocols supported by the device.
196: -- a noAuth/noPriv party which executes at the agent
197: -- partyIdentity = { initialPartyId a b c d 1 }
198: -- partyIndex = 1
199: -- partyTDomain = snmpUDPDomain
200: -- partyTAddress = a.b.c.d, 161
201: -- partyLocal = true (in agent's database)
202: -- partyAuthProtocol = noAuth
203: -- partyAuthClock = 0
204: -- partyAuthPrivate = ''H (the empty string)
205: -- partyAuthPublic = ''H (the empty string)
206: -- partyAuthLifetime = 0
207: -- partyPrivProtocol = noPriv
208: -- partyPrivPrivate = ''H (the empty string)
209: -- partyPrivPublic = ''H (the empty string)
210:
211: -- a noAuth/noPriv party which executes at a manager
212: -- partyIdentity = { initialPartyId a b c d 2 }
213: -- partyIndex = 2
214: -- partyTDomain = snmpUDPDomain
215: -- partyTAddress = assigned by local administration
216: -- partyLocal = false (in agent's database)
217: -- partyAuthProtocol = noAuth
218: -- partyAuthClock = 0
219: -- partyAuthPrivate = ''H (the empty string)
220: -- partyAuthPublic = ''H (the empty string)
221: -- partyAuthLifetime = 0
222: -- partyPrivProtocol = noPriv
223: -- partyPrivPrivate = ''H (the empty string)
224: -- partyPrivPublic = ''H (the empty string)
225: -- a md5Auth/noPriv party which executes at the agent
226: -- partyIdentity = { initialPartyId a b c d 3 }
227: -- partyIndex = 3
228: -- partyTDomain = snmpUDPDomain
229: -- partyTAddress = a.b.c.d, 161
230: -- partyLocal = true (in agent's database)
231: -- partyAuthProtocol = v2md5AuthProtocol
232: -- partyAuthClock = 0
233: -- partyAuthPrivate = assigned by local administration
234: -- partyAuthPublic = ''H (the empty string)
235: -- partyAuthLifetime = 300
236: -- partyPrivProtocol = noPriv
237: -- partyPrivPrivate = ''H (the empty string)
238: -- partyPrivPublic = ''H (the empty string)
239:
240: -- a md5Auth/noPriv party which executes at a manager
241: -- partyIdentity = { initialPartyId a b c d 4 }
242: -- partyIndex = 4
243: -- partyTDomain = snmpUDPDomain
244: -- partyTAddress = assigned by local administration
245: -- partyLocal = false (in agent's database)
246: -- partyAuthProtocol = v2md5AuthProtocol
247: -- partyAuthClock = 0
248: -- partyAuthPrivate = assigned by local administration
249: -- partyAuthPublic = ''H (the empty string)
250: -- partyAuthLifetime = 300
251: -- partyPrivProtocol = noPriv
252: -- partyPrivPrivate = ''H (the empty string)
253: -- partyPrivPublic = ''H (the empty string)
254: -- a md5Auth/desPriv party which executes at the agent
255: -- partyIdentity = { initialPartyId a b c d 5 }
256: -- partyIndex = 5
257: -- partyTDomain = snmpUDPDomain
258: -- partyTAddress = a.b.c.d, 161
259: -- partyLocal = true (in agent's database)
260: -- partyAuthProtocol = v2md5AuthProtocol
261: -- partyAuthClock = 0
262: -- partyAuthPrivate = assigned by local administration
263: -- partyAuthPublic = ''H (the empty string)
264: -- partyAuthLifetime = 300
265: -- partyPrivProtocol = desPrivProtocol
266: -- partyPrivPrivate = assigned by local administration
267: -- partyPrivPublic = ''H (the empty string)
268:
269: -- a md5Auth/desPriv party which executes at a manager
270: -- partyIdentity = { initialPartyId a b c d 6 }
271: -- partyIndex = 6
272: -- partyTDomain = snmpUDPDomain
273: -- partyTAddress = assigned by local administration
274: -- partyLocal = false (in agent's database)
275: -- partyAuthProtocol = v2md5AuthProtocol
276: -- partyAuthClock = 0
277: -- partyAuthPrivate = assigned by local administration
278: -- partyAuthPublic = ''H (the empty string)
279: -- partyAuthLifetime = 300
280: -- partyPrivProtocol = desPrivProtocol
281: -- partyPrivPrivate = assigned by local administration
282: -- partyPrivPublic = ''H (the empty string)
283: -- the initial SNMPv2 contexts assigned, by convention, are:
284:
285: -- contextIdentity = { initialContextId a b c d 1 }
286: -- contextIndex = 1
287: -- contextLocal = true (in agent's database)
288: -- contextViewIndex = 1
289: -- contextLocalEntity = ''H (the empty string)
290: -- contextLocalTime = currentTime
291: -- contextProxyDstParty = { 0 0 }
292: -- contextProxySrcParty = { 0 0 }
293: -- contextProxyContext = { 0 0 }
294:
295: -- contextIdentity = { initialContextId a b c d 2 }
296: -- contextIndex = 2
297: -- contextLocal = true (in agent's database)
298: -- contextViewIndex = 2
299: -- contextLocalEntity = ''H (the empty string)
300: -- contextLocalTime = currentTime
301: -- contextProxyDstParty = { 0 0 }
302: -- contextProxySrcParty = { 0 0 }
303: -- contextProxyContext = { 0 0 }
304:
305: -- The initial access control policy assigned, by
306: -- convention, is:
307:
308: -- aclTarget = 1
309: -- aclSubject = 2
310: -- aclResources = 1
311: -- aclPrivileges = 35 (Get, Get-Next & Get-Bulk)
312:
313: -- aclTarget = 2
314: -- aclSubject = 1
315: -- aclResources = 1
316: -- aclPrivileges = 132 (Response & SNMPv2-Trap)
317:
318: -- aclTarget = 3
319: -- aclSubject = 4
320: -- aclResources = 2
321: -- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)
322:
323: -- aclTarget = 4
324: -- aclSubject = 3
325: -- aclResources = 2
326: -- aclPrivileges = 4 (Response)
327:
328: -- aclTarget = 5
329: -- aclSubject = 6
330: -- aclResources = 2
331: -- aclPrivileges = 43 (Get, Get-Next, Set & Get-Bulk)
332:
333: -- aclTarget = 6
334: -- aclSubject = 5
335: -- aclResources = 2
336: -- aclPrivileges = 4 (Response)
337:
338:
339: -- Note that the initial context and access control
340: -- information assigned above, by default, to the
341: -- md5Auth/desPriv parties are identical to those assigned to
342: -- the md5Auth/noPriv parties. However, each administration
343: -- may choose to have different authorization policies,
344: -- depending on whether privacy is used.
345: -- The initial MIB views assigned, by convention, are:
346:
347: -- viewIndex = 1
348: -- viewSubtree = system
349: -- viewMask = ''H
350: -- viewType = included
351:
352: -- viewIndex = 1
353: -- viewSubtree = snmpStats
354: -- viewMask = ''H
355: -- viewType = included
356:
357: -- viewIndex = 1
358: -- viewSubtree = snmpParties
359: -- viewMask = ''H
360: -- viewType = included
361:
362: -- viewIndex = 2
363: -- viewSubtree = internet
364: -- viewMask = ''H
365: -- viewType = included
366:
367:
368: -- Note that full access to the partyTable, contextTable,
369: -- aclTable, and viewTable gives a manager the ability to
370: -- configure any parties with any/all capabilities (the
371: -- equivalent of "root" access). A lesser manager can be
372: -- given access only to the partyTable so that it can
373: -- maintain its own parties, but not increase/decrease
374: -- their capabilities. Such a lesser manager can also
375: -- create new parties but they are of no use to it.
376: -- object assignments
377:
378: partyMIBObjects
379: OBJECT IDENTIFIER ::= { partyMIB 2 }
380:
381:
382: -- the SNMPv2 party database group
383:
384: snmpParties OBJECT IDENTIFIER ::= { partyMIBObjects 1 }
385:
386:
387: partyTable OBJECT-TYPE
388: SYNTAX SEQUENCE OF PartyEntry
389: MAX-ACCESS not-accessible
390: STATUS current
391: DESCRIPTION
392: "The SNMPv2 Party database."
393: ::= { snmpParties 1 }
394:
395: partyEntry OBJECT-TYPE
395: warning -
warning: index of row `partyEntry' can exceed OID size limit by 13 subidentifier(s)
396: SYNTAX PartyEntry
397: MAX-ACCESS not-accessible
398: STATUS current
399: DESCRIPTION
400: "Locally held information about a particular
401: SNMPv2 party."
402: INDEX { IMPLIED partyIdentity }
403: ::= { partyTable 1 }
404:
405: PartyEntry ::=
406: SEQUENCE {
407: partyIdentity Party,
408: partyIndex INTEGER,
409: partyTDomain OBJECT IDENTIFIER,
410: partyTAddress TAddress,
411: partyMaxMessageSize INTEGER,
412: partyLocal TruthValue,
413: partyAuthProtocol OBJECT IDENTIFIER,
414: partyAuthClock Clock,
415: partyAuthPrivate OCTET STRING,
416: partyAuthPublic OCTET STRING,
417: partyAuthLifetime INTEGER,
418: partyPrivProtocol OBJECT IDENTIFIER,
419: partyPrivPrivate OCTET STRING,
420: partyPrivPublic OCTET STRING,
421: partyCloneFrom Party,
422: partyStorageType StorageType,
423: partyStatus RowStatus
424: }
425:
426: partyIdentity OBJECT-TYPE
426: minor error -
index element `partyIdentity' of row `partyEntry' should but cannot have a size restriction
427: SYNTAX Party
428: MAX-ACCESS not-accessible
429: STATUS current
430: DESCRIPTION
431: "A party identifier uniquely identifying a
432: particular SNMPv2 party."
433: ::= { partyEntry 1 }
434:
435: partyIndex OBJECT-TYPE
436: SYNTAX INTEGER (1..65535)
436: warning -
warning: use Integer32 instead of INTEGER in SMIv2
437: MAX-ACCESS read-only
438: STATUS current
439: DESCRIPTION
440: "A unique value for each SNMPv2 party. The value
441: for each SNMPv2 party must remain constant at
442: least from one re-initialization of the entity's
443: network management system to the next re-
444: initialization."
445: ::= { partyEntry 2 }
446:
447: partyTDomain OBJECT-TYPE
447: severe -
unknown object identifier label `snmpUDPDomain'
447: error -
default value syntax does not match object syntax
448: SYNTAX OBJECT IDENTIFIER
449: MAX-ACCESS read-create
450: STATUS current
451: DESCRIPTION
452: "Indicates the kind of transport service by which
453: the party receives network management traffic."
454: DEFVAL { snmpUDPDomain }
455: ::= { partyEntry 3 }
456:
457: partyTAddress OBJECT-TYPE
458: SYNTAX TAddress
459: MAX-ACCESS read-create
460: STATUS current
461: DESCRIPTION
462: "The transport service address by which the party
463: receives network management traffic, formatted
464: according to the corresponding value of
465: partyTDomain. For snmpUDPDomain, partyTAddress is
466: formatted as a 4-octet IP Address concatenated
467: with a 2-octet UDP port number."
468: DEFVAL { '000000000000'H }
469: ::= { partyEntry 4 }
470:
471: partyMaxMessageSize OBJECT-TYPE
472: SYNTAX INTEGER (484..65507)
472: warning -
warning: use Integer32 instead of INTEGER in SMIv2
473: MAX-ACCESS read-create
474: STATUS current
475: DESCRIPTION
476: "The maximum length in octets of a SNMPv2 message
477: which this party will accept. For parties which
478: execute at an agent, the agent initializes this
479: object to the maximum length supported by the
480: agent, and does not let the object be set to any
481: larger value. For parties which do not execute at
482: the agent, the agent must allow the manager to set
483: this object to any legal value, even if it is
484: larger than the agent can generate."
485: DEFVAL { 484 }
486: ::= { partyEntry 5 }
487:
488: partyLocal OBJECT-TYPE
489: SYNTAX TruthValue
490: MAX-ACCESS read-create
491: STATUS current
492: DESCRIPTION
493: "An indication of whether this party executes at
494: this SNMPv2 entity. If this object has a value of
495: true(1), then the SNMPv2 entity will listen for
496: SNMPv2 messages on the partyTAddress associated
497: with this party. If this object has the value
498: false(2), then the SNMPv2 entity will not listen
499: for SNMPv2 messages on the partyTAddress
500: associated with this party."
501: DEFVAL { false }
502: ::= { partyEntry 6 }
503:
504: partyAuthProtocol OBJECT-TYPE
505: SYNTAX OBJECT IDENTIFIER
506: MAX-ACCESS read-create
507: STATUS current
508: DESCRIPTION
509: "The authentication protocol by which all messages
510: generated by the party are authenticated as to
511: origin and integrity. The value noAuth signifies
512: that messages generated by the party are not
513: authenticated.
514:
515: Once an instance of this object is created, its
516: value can not be changed."
517: DEFVAL { v2md5AuthProtocol }
518: ::= { partyEntry 7 }
519:
520: partyAuthClock OBJECT-TYPE
520: error -
type `Clock' of node `partyAuthClock' does not resolve to a known base type
521: SYNTAX Clock
522: MAX-ACCESS read-create
523: STATUS current
524: DESCRIPTION
525: "The authentication clock which represents the
526: local notion of the current time specific to the
527: party. This value must not be decremented unless
528: the party's private authentication key is changed
529: simultaneously."
530: DEFVAL { 0 }
531: ::= { partyEntry 8 }
532:
533: partyAuthPrivate OBJECT-TYPE
534: SYNTAX OCTET STRING
535: -- for v2md5AuthProtocol: (SIZE (16))
536: MAX-ACCESS read-create
537: STATUS current
538: DESCRIPTION
539: "An encoding of the party's private authentication
540: key which may be needed to support the
541: authentication protocol. Although the value of
542: this variable may be altered by a management
543: operation (e.g., a SNMPv2 Set-Request), its value
544: can never be retrieved by a management operation:
545: when read, the value of this variable is the zero
546: length OCTET STRING.
547:
548: The private authentication key is NOT directly
549: represented by the value of this variable, but
550: rather it is represented according to an encoding.
551: This encoding is the bitwise exclusive-OR of the
552: old key with the new key, i.e., of the old private
553: authentication key (prior to the alteration) with
554: the new private authentication key (after the
555: alteration). Thus, when processing a received
556: protocol Set operation, the new private
557: authentication key is obtained from the value of
558: this variable as the result of a bitwise
559: exclusive-OR of the variable's value and the old
560: private authentication key. In calculating the
561: exclusive-OR, if the old key is shorter than the
562: new key, zero-valued padding is appended to the
563: old key. If no value for the old key exists, a
564: zero-length OCTET STRING is used in the
565: calculation."
566: DEFVAL { ''H } -- the empty string
567: ::= { partyEntry 9 }
568:
569: partyAuthPublic OBJECT-TYPE
570: SYNTAX OCTET STRING
571: -- for v2md5AuthProtocol: (SIZE (0..16))
572: MAX-ACCESS read-create
573: STATUS current
574: DESCRIPTION
575: "A publically-readable value for the party.
576:
577: Depending on the party's authentication protocol,
578: this value may be needed to support the party's
579: authentication protocol. Alternatively, it may be
580: used by a manager during the procedure for
581: altering secret information about a party. (For
582: example, by altering the value of an instance of
583: this object in the same SNMPv2 Set-Request used to
584: update an instance of partyAuthPrivate, a
585: subsequent Get-Request can determine if the Set-
586: Request was successful in the event that no
587: response to the Set-Request is received, see [4].)
588:
589: The length of the value is dependent on the
590: party's authentication protocol. If not used by
591: the authentication protocol, it is recommended
592: that agents support values of any length up to and
593: including the length of the corresponding
594: partyAuthPrivate object."
595: DEFVAL { ''H } -- the empty string
596: ::= { partyEntry 10 }
597:
598: partyAuthLifetime OBJECT-TYPE
599: SYNTAX INTEGER (0..2147483647)
599: warning -
warning: use Integer32 instead of INTEGER in SMIv2
600: UNITS "seconds"
601: MAX-ACCESS read-create
602: STATUS current
603: DESCRIPTION
604: "The lifetime (in units of seconds) which
605: represents an administrative upper bound on
606: acceptable delivery delay for protocol messages
607: generated by the party.
608:
609: Once an instance of this object is created, its
610: value can not be changed."
611: DEFVAL { 300 }
612: ::= { partyEntry 11 }
613:
614: partyPrivProtocol OBJECT-TYPE
615: SYNTAX OBJECT IDENTIFIER
616: MAX-ACCESS read-create
617: STATUS current
618: DESCRIPTION
619: "The privacy protocol by which all protocol
620: messages received by the party are protected from
621: disclosure. The value noPriv signifies that
622: messages received by the party are not protected.
623:
624: Once an instance of this object is created, its
625: value can not be changed."
626: DEFVAL { noPriv }
627: ::= { partyEntry 12 }
628:
629: partyPrivPrivate OBJECT-TYPE
630: SYNTAX OCTET STRING
631: -- for desPrivProtocol: (SIZE (16))
632: MAX-ACCESS read-create
633: STATUS current
634: DESCRIPTION
635: "An encoding of the party's private encryption key
636: which may be needed to support the privacy
637: protocol. Although the value of this variable may
638: be altered by a management operation (e.g., a
639: SNMPv2 Set-Request), its value can never be
640: retrieved by a management operation: when read,
641: the value of this variable is the zero length
642: OCTET STRING.
643:
644: The private encryption key is NOT directly
645: represented by the value of this variable, but
646: rather it is represented according to an encoding.
647: This encoding is the bitwise exclusive-OR of the
648: old key with the new key, i.e., of the old private
649: encryption key (prior to the alteration) with the
650: new private encryption key (after the alteration).
651: Thus, when processing a received protocol Set
652: operation, the new private encryption key is
653: obtained from the value of this variable as the
654: result of a bitwise exclusive-OR of the variable's
655: value and the old private encryption key. In
656: calculating the exclusive-OR, if the old key is
657: shorter than the new key, zero-valued padding is
658: appended to the old key. If no value for the old
659: key exists, a zero-length OCTET STRING is used in
660: the calculation."
661: DEFVAL { ''H } -- the empty string
662: ::= { partyEntry 13 }
663:
664: partyPrivPublic OBJECT-TYPE
665: SYNTAX OCTET STRING
666: -- for desPrivProtocol: (SIZE (0..16))
667: MAX-ACCESS read-create
668: STATUS current
669: DESCRIPTION
670: "A publically-readable value for the party.
671:
672: Depending on the party's privacy protocol, this
673: value may be needed to support the party's privacy
674: protocol. Alternatively, it may be used by a
675: manager as a part of its procedure for altering
676: secret information about a party. (For example,
677: by altering the value of an instance of this
678: object in the same SNMPv2 Set-Request used to
679: update an instance of partyPrivPrivate, a
680: subsequent Get-Request can determine if the Set-
681: Request was successful in the event that no
682: response to the Set-Request is received, see [4].)
683:
684: The length of the value is dependent on the
685: party's privacy protocol. If not used by the
686: privacy protocol, it is recommended that agents
687: support values of any length up to and including
688: the length of the corresponding partyPrivPrivate
689: object."
690: DEFVAL { ''H } -- the empty string
691: ::= { partyEntry 14 }
692:
693: partyCloneFrom OBJECT-TYPE
694: SYNTAX Party
695: MAX-ACCESS read-create
696: STATUS current
697: DESCRIPTION
698: "The identity of a party to clone authentication
699: and privacy parameters from. When read, the value
700: { 0 0 } is returned.
701:
702: This value must be written exactly once, when the
703: associated instance of partyStatus either does not
704: exist or has the value `notReady'. When written,
705: the value identifies a party, the cloning party,
706: whose status column has the value `active'. The
707: cloning party is used in two ways.
708:
709: One, if instances of the following objects do not
710: exist for the party being created, then they are
711: created with values identical to those of the
712: corresponding objects for the cloning party:
713:
714: partyAuthProtocol
715: partyAuthPublic
716: partyAuthLifetime
717: partyPrivProtocol
718: partyPrivPublic
719:
720: Two, instances of the following objects are
721: updated using the corresponding values of the
722: cloning party:
723:
724: partyAuthPrivate
725: partyPrivPrivate
726:
727: (e.g., the value of the cloning party's instance
728: of the partyAuthPrivate object is XOR'd with the
729: value of the partyAuthPrivate instances of the
730: party being created.)"
731: ::= { partyEntry 15 }
732:
733: partyStorageType OBJECT-TYPE
734: SYNTAX StorageType
735: MAX-ACCESS read-create
736: STATUS current
737: DESCRIPTION
738: "The storage type for this conceptual row in the
739: partyTable."
740: DEFVAL { nonVolatile }
741: ::= { partyEntry 16 }
742:
743: partyStatus OBJECT-TYPE
744: SYNTAX RowStatus
745: MAX-ACCESS read-create
746: STATUS current
747: DESCRIPTION
748: "The status of this conceptual row in the
749: partyTable.
750:
751: A party is not qualified for activation until
752: instances of all columns of its partyEntry row
753: have an appropriate value. In particular:
754:
755: A value must be written to the Party's
756: partyCloneFrom object.
757:
758: If the Party's partyAuthProtocol object has the
759: value md5AuthProtocol, then the corresponding
760: instance of partyAuthPrivate must contain a
761: secret of the appropriate length. Further, at
762: least one management protocol set operation
763: updating the value of the party's
764: partyAuthPrivate object must be successfully
765: processed, before the partyAuthPrivate column is
766: considered appropriately configured.
767:
768: If the Party's partyPrivProtocol object has the
769: value desPrivProtocol, then the corresponding
770: instance of partyPrivPrivate must contain a
771: secret of the appropriate length. Further, at
772: least one management protocol set operation
773: updating the value of the party's
774: partyPrivPrivate object must be successfully
775: processed, before the partyPrivPrivate column is
776: considered appropriately configured.
777:
778: Until instances of all corresponding columns are
779: appropriately configured, the value of the
780: corresponding instance of the partyStatus column is
781: `notReady'."
782: ::= { partyEntry 17 }
783:
784: -- the SNMPv2 contexts database group
785:
786: snmpContexts OBJECT IDENTIFIER ::= { partyMIBObjects 2 }
787:
788:
789: contextTable OBJECT-TYPE
790: SYNTAX SEQUENCE OF ContextEntry
791: MAX-ACCESS not-accessible
792: STATUS current
793: DESCRIPTION
794: "The SNMPv2 Context database."
795: ::= { snmpContexts 1 }
796:
797: contextEntry OBJECT-TYPE
797: warning -
warning: index of row `contextEntry' can exceed OID size limit by 13 subidentifier(s)
798: SYNTAX ContextEntry
799: MAX-ACCESS not-accessible
800: STATUS current
801: DESCRIPTION
802: "Locally held information about a particular
803: SNMPv2 context."
804: INDEX { IMPLIED contextIdentity }
805: ::= { contextTable 1 }
806:
807: ContextEntry ::=
808: SEQUENCE {
809: contextIdentity Context,
810: contextIndex INTEGER,
811: contextLocal TruthValue,
812: contextViewIndex INTEGER,
813: contextLocalEntity OCTET STRING,
814: contextLocalTime OBJECT IDENTIFIER,
815: contextProxyDstParty Party,
816: contextProxySrcParty Party,
817: contextProxyContext OBJECT IDENTIFIER,
818: contextStorageType StorageType,
819: contextStatus RowStatus
820: }
821:
822: contextIdentity OBJECT-TYPE
822: minor error -
index element `contextIdentity' of row `contextEntry' should but cannot have a size restriction
823: SYNTAX Context
824: MAX-ACCESS not-accessible
825: STATUS current
826: DESCRIPTION
827: "A context identifier uniquely identifying a
828: particular SNMPv2 context."
829: ::= { contextEntry 1 }
830:
831: contextIndex OBJECT-TYPE
832: SYNTAX INTEGER (1..65535)
832: warning -
warning: use Integer32 instead of INTEGER in SMIv2
833: MAX-ACCESS read-only
834: STATUS current
835: DESCRIPTION
836: "A unique value for each SNMPv2 context. The
837: value for each SNMPv2 context must remain constant
838: at least from one re-initialization of the
839: entity's network management system to the next
840: re-initialization."
841: ::= { contextEntry 2 }
842:
843: contextLocal OBJECT-TYPE
844: SYNTAX TruthValue
845: MAX-ACCESS read-create
846: STATUS current
847: DESCRIPTION
848: "An indication of whether this context is realized
849: by this SNMPv2 entity."
850: DEFVAL { true }
851: ::= { contextEntry 3 }
852:
853: contextViewIndex OBJECT-TYPE
854: SYNTAX INTEGER (0..65535)
854: warning -
warning: use Integer32 instead of INTEGER in SMIv2
855: MAX-ACCESS read-create
856: STATUS current
857: DESCRIPTION
858: "If the value of an instance of this object is
859: zero, then this corresponding conceptual row in
860: the contextTable refers to a SNMPv2 context which
861: identifies a proxy relationship; the values of the
862: corresponding instances of the
863: contextProxyDstParty, contextProxySrcParty, and
864: contextProxyContext objects provide further
865: information on the proxy relationship.
866:
867: Otherwise, if the value of an instance of this
868: object is greater than zero, then this
869: corresponding conceptual row in the contextTable
870: refers to a SNMPv2 context which identifies a MIB
871: view of a locally accessible entity; the value of
872: the instance identifies the particular MIB view
873: which has the same value of viewIndex; and the
874: value of the corresponding instances of the
875: contextLocalEntity and contextLocalTime objects
876: provide further information on the local entity
877: and its temporal domain."
878: ::= { contextEntry 4 }
879:
880: contextLocalEntity OBJECT-TYPE
881: SYNTAX OCTET STRING
882: MAX-ACCESS read-create
883: STATUS current
884: DESCRIPTION
885: "If the value of the corresponding instance of the
886: contextViewIndex is greater than zero, then the
887: value of an instance of this object identifies the
888: local entity whose management information is in
889: the SNMPv2 context's MIB view. The empty string
890: indicates that the MIB view contains the SNMPv2
891: entity's own local management information;
892: otherwise, a non-empty string indicates that the
893: MIB view contains management information of some
894: other local entity, e.g., 'Repeater1'."
895: DEFVAL { ''H } -- the empty string
896: ::= { contextEntry 5 }
897:
898: contextLocalTime OBJECT-TYPE
899: SYNTAX OBJECT IDENTIFIER
900: MAX-ACCESS read-create
901: STATUS current
902: DESCRIPTION
903: "If the value of the corresponding instance of the
904: contextViewIndex is greater than zero, then the
905: value of an instance of this object identifies the
906: temporal context of the management information in
907: the MIB view."
908: DEFVAL { currentTime }
909: ::= { contextEntry 6 }
910:
911: contextProxyDstParty OBJECT-TYPE
911: change recommended -
warning: node `contextProxyDstParty' must be contained in at least one conformance group
912: SYNTAX Party
913: MAX-ACCESS read-create
914: STATUS current
915: DESCRIPTION
916: "If the value of the corresponding instance of the
917: contextViewIndex is equal to zero, then the value
918: of an instance of this object identifies a SNMPv2
919: party which is the proxy destination of a proxy
920: relationship.
921:
922: If the value of the corresponding instance of the
923: contextViewIndex is greater than zero, then the
924: value of an instance of this object is { 0 0 }."
925: ::= { contextEntry 7 }
926:
927: contextProxySrcParty OBJECT-TYPE
927: change recommended -
warning: node `contextProxySrcParty' must be contained in at least one conformance group
928: SYNTAX Party
929: MAX-ACCESS read-create
930: STATUS current
931: DESCRIPTION
932: "If the value of the corresponding instance of the
933: contextViewIndex is equal to zero, then the value
934: of an instance of this object identifies a SNMPv2
935: party which is the proxy source of a proxy
936: relationship.
937:
938: Interpretation of an instance of this object
939: depends upon the value of the transport domain
940: associated with the SNMPv2 party used as the proxy
941: destination in this proxy relationship.
942:
943: If the value of the corresponding instance of the
944: contextViewIndex is greater than zero, then the
945: value of an instance of this object is { 0 0 }."
946: ::= { contextEntry 8 }
947:
948: contextProxyContext OBJECT-TYPE
948: change recommended -
warning: node `contextProxyContext' must be contained in at least one conformance group
949: SYNTAX OBJECT IDENTIFIER
950: MAX-ACCESS read-create
951: STATUS current
952: DESCRIPTION
953: "If the value of the corresponding instance of the
954: contextViewIndex is equal to zero, then the value
955: of an instance of this object identifies the
956: context of a proxy relationship.
957:
958: Interpretation of an instance of this object
959: depends upon the value of the transport domain
960: associated with the SNMPv2 party used as the proxy
961: destination in this proxy relationship.
962:
963: If the value of the corresponding instance of the
964: contextViewIndex is greater than zero, then the
965: value of an instance of this object is { 0 0 }."
966: ::= { contextEntry 9 }
967:
968: contextStorageType OBJECT-TYPE
969: SYNTAX StorageType
970: MAX-ACCESS read-create
971: STATUS current
972: DESCRIPTION
973: "The storage type for this conceptual row in the
974: contextTable."
975: DEFVAL { nonVolatile }
976: ::= { contextEntry 10 }
977:
978: contextStatus OBJECT-TYPE
979: SYNTAX RowStatus
980: MAX-ACCESS read-create
981: STATUS current
982: DESCRIPTION
983: "The status of this conceptual row in the
984: contextTable.
985:
986: A context is not qualified for activation until
987: instances of all corresponding columns have the
988: appropriate value. In particular, if the
989: context's contextViewIndex is greater than zero,
990: then the viewStatus column of the associated
991: conceptual row(s) in the viewTable must have the
992: value `active'. Until instances of all
993: corresponding columns are appropriately
994: configured, the value of the corresponding
995: instance of the contextStatus column is
996: `notReady'."
997: ::= { contextEntry 11 }
998:
999: -- the SNMPv2 access privileges database group
1000:
1001: snmpAccess OBJECT IDENTIFIER ::= { partyMIBObjects 3 }
1002:
1003:
1004: aclTable OBJECT-TYPE
1005: SYNTAX SEQUENCE OF AclEntry
1006: MAX-ACCESS not-accessible
1007: STATUS current
1008: DESCRIPTION
1009: "The access privileges database."
1010: ::= { snmpAccess 1 }
1011:
1012: aclEntry OBJECT-TYPE
1013: SYNTAX AclEntry
1014: MAX-ACCESS not-accessible
1015: STATUS current
1016: DESCRIPTION
1017: "The access privileges for a particular subject
1018: SNMPv2 party when asking a particular target
1019: SNMPv2 party to access a particular SNMPv2
1020: context."
1021: INDEX { aclTarget, aclSubject, aclResources }
1022: ::= { aclTable 1 }
1023:
1024: AclEntry ::=
1025: SEQUENCE {
1026: aclTarget INTEGER,
1027: aclSubject INTEGER,
1028: aclResources INTEGER,
1029: aclPrivileges INTEGER,
1030: aclStorageType StorageType,
1031: aclStatus RowStatus
1032: }
1033:
1034: aclTarget OBJECT-TYPE
1035: SYNTAX INTEGER (1..65535)
1035: warning -
warning: use Integer32 instead of INTEGER in SMIv2
1036: MAX-ACCESS not-accessible
1037: STATUS current
1038: DESCRIPTION
1039: "The value of an instance of this object
1040: identifies a SNMPv2 party which is the target of
1041: an access control policy, and has the same value
1042: as the instance of the partyIndex object for that
1043: party."
1044: ::= { aclEntry 1 }
1045:
1046: aclSubject OBJECT-TYPE
1047: SYNTAX INTEGER (1..65535)
1047: warning -
warning: use Integer32 instead of INTEGER in SMIv2
1048: MAX-ACCESS not-accessible
1049: STATUS current
1050: DESCRIPTION
1051: "The value of an instance of this object
1052: identifies a SNMPv2 party which is the subject of
1053: an access control policy, and has the same value
1054: as the instance of the partyIndex object for that
1055: SNMPv2 party."
1056: ::= { aclEntry 2 }
1057:
1058: aclResources OBJECT-TYPE
1059: SYNTAX INTEGER (1..65535)
1059: warning -
warning: use Integer32 instead of INTEGER in SMIv2
1060: MAX-ACCESS not-accessible
1061: STATUS current
1062: DESCRIPTION
1063: "The value of an instance of this object
1064: identifies a SNMPv2 context in an access control
1065: policy, and has the same value as the instance of
1066: the contextIndex object for that SNMPv2 context."
1067: ::= { aclEntry 3 }
1068:
1069: aclPrivileges OBJECT-TYPE
1070: SYNTAX INTEGER (0..255)
1070: warning -
warning: use Integer32 instead of INTEGER in SMIv2
1071: MAX-ACCESS read-create
1072: STATUS current
1073: DESCRIPTION
1074: "The access privileges which govern what
1075: management operations a particular target party
1076: may perform with respect to a particular SNMPv2
1077: context when requested by a particular subject
1078: party. These privileges are specified as a sum of
1079: values, where each value specifies a SNMPv2 PDU
1080: type by which the subject party may request a
1081: permitted operation. The value for a particular
1082: PDU type is computed as 2 raised to the value of
1083: the ASN.1 context-specific tag for the appropriate
1084: SNMPv2 PDU type. The values (for the tags defined
1085: in [5]) are defined in [3] as:
1086:
1087: Get : 1
1088: GetNext : 2
1089: Response : 4
1090: Set : 8
1091: unused : 16
1092: GetBulk : 32
1093: Inform : 64
1094: SNMPv2-Trap : 128
1095:
1096: The null set is represented by the value zero."
1097: DEFVAL { 35 } -- Get, Get-Next & Get-Bulk
1098: ::= { aclEntry 4 }
1099:
1100: aclStorageType OBJECT-TYPE
1101: SYNTAX StorageType
1102: MAX-ACCESS read-create
1103: STATUS current
1104: DESCRIPTION
1105: "The storage type for this conceptual row in the
1106: aclTable."
1107: DEFVAL { nonVolatile }
1108: ::= { aclEntry 5 }
1109:
1110: aclStatus OBJECT-TYPE
1111: SYNTAX RowStatus
1112: MAX-ACCESS read-create
1113: STATUS current
1114: DESCRIPTION
1115: "The status of this conceptual row in the
1116: aclTable."
1117: ::= { aclEntry 6 }
1118:
1119: -- the MIB view database group
1120:
1121: snmpViews OBJECT IDENTIFIER ::= { partyMIBObjects 4 }
1122:
1123:
1124: viewTable OBJECT-TYPE
1125: SYNTAX SEQUENCE OF ViewEntry
1126: MAX-ACCESS not-accessible
1127: STATUS current
1128: DESCRIPTION
1129: "Locally held information about the MIB views
1130: known to this SNMPv2 entity.
1131:
1132: Each SNMPv2 context which is locally accessible
1133: has a single MIB view which is defined by two
1134: collections of view subtrees: the included view
1135: subtrees, and the excluded view subtrees. Every
1136: such subtree, both included and excluded, is
1137: defined in this table.
1138:
1139: To determine if a particular object instance is in
1140: a particular MIB view, compare the object
1141: instance's OBJECT IDENTIFIER with each of the MIB
1142: view's entries in this table. If none match, then
1143: the object instance is not in the MIB view. If
1144: one or more match, then the object instance is
1145: included in, or excluded from, the MIB view
1146: according to the value of viewType in the entry
1147: whose value of viewSubtree has the most sub-
1148: identifiers. If multiple entries match and have
1149: the same number of sub-identifiers, then the
1150: lexicographically greatest instance of viewType
1151: determines the inclusion or exclusion.
1152:
1153: An object instance's OBJECT IDENTIFIER X matches
1154: an entry in this table when the number of sub-
1155: identifiers in X is at least as many as in the
1156: value of viewSubtree for the entry, and each sub-
1157: identifier in the value of viewSubtree matches its
1158: corresponding sub-identifier in X. Two sub-
1159: identifiers match either if the corresponding bit
1160: of viewMask is zero (the 'wild card' value), or if
1161: they are equal.
1162:
1163: Due to this 'wild card' capability, we introduce
1164: the term, a 'family' of view subtrees, to refer to
1165: the set of subtrees defined by a particular
1166: combination of values of viewSubtree and viewMask.
1167: In the case where no 'wild card' is defined in
1168: viewMask, the family of view subtrees reduces to a
1169: single view subtree."
1170: ::= { snmpViews 1 }
1171:
1172: viewEntry OBJECT-TYPE
1172: warning -
warning: index of row `viewEntry' can exceed OID size limit by 14 subidentifier(s)
1173: SYNTAX ViewEntry
1174: MAX-ACCESS not-accessible
1175: STATUS current
1176: DESCRIPTION
1177: "Information on a particular family of view
1178: subtrees included in or excluded from a particular
1179: SNMPv2 context's MIB view.
1180:
1181: Implementations must not restrict the number of
1182: families of view subtrees for a given MIB view,
1183: except as dictated by resource constraints on the
1184: overall number of entries in the viewTable."
1185: INDEX { viewIndex, IMPLIED viewSubtree }
1186: ::= { viewTable 1 }
1187:
1188: ViewEntry ::=
1189: SEQUENCE {
1190: viewIndex INTEGER,
1191: viewSubtree OBJECT IDENTIFIER,
1192: viewMask OCTET STRING,
1193: viewType INTEGER,
1194: viewStorageType StorageType,
1195: viewStatus RowStatus
1196: }
1197:
1198: viewIndex OBJECT-TYPE
1199: SYNTAX INTEGER (1..65535)
1199: warning -
warning: use Integer32 instead of INTEGER in SMIv2
1200: MAX-ACCESS not-accessible
1201: STATUS current
1202: DESCRIPTION
1203: "A unique value for each MIB view. The value for
1204: each MIB view must remain constant at least from
1205: one re-initialization of the entity's network
1206: management system to the next re-initialization."
1207: ::= { viewEntry 1 }
1208:
1209: viewSubtree OBJECT-TYPE
1209: minor error -
index element `viewSubtree' of row `viewEntry' should but cannot have a size restriction
1210: SYNTAX OBJECT IDENTIFIER
1211: MAX-ACCESS not-accessible
1212: STATUS current
1213: DESCRIPTION
1214: "A MIB subtree."
1215: ::= { viewEntry 2 }
1216:
1217: viewMask OBJECT-TYPE
1218: SYNTAX OCTET STRING (SIZE (0..16))
1219: MAX-ACCESS read-create
1220: STATUS current
1221: DESCRIPTION
1222: "The bit mask which, in combination with the
1223: corresponding instance of viewSubtree, defines a
1224: family of view subtrees.
1225:
1226: Each bit of this bit mask corresponds to a sub-
1227: identifier of viewSubtree, with the most
1228: significant bit of the i-th octet of this octet
1229: string value (extended if necessary, see below)
1230: corresponding to the (8*i - 7)-th sub-identifier,
1231: and the least significant bit of the i-th octet of
1232: this octet string corresponding to the (8*i)-th
1233: sub-identifier, where i is in the range 1 through
1234: 16.
1235:
1236: Each bit of this bit mask specifies whether or not
1237: the corresponding sub-identifiers must match when
1238: determining if an OBJECT IDENTIFIER is in this
1239: family of view subtrees; a '1' indicates that an
1240: exact match must occur; a '0' indicates 'wild
1241: card', i.e., any sub-identifier value matches.
1242: Thus, the OBJECT IDENTIFIER X of an object
1243: instance is contained in a family of view subtrees
1244: if the following criteria are met:
1245:
1246: for each sub-identifier of the value of
1247: viewSubtree, either:
1248:
1249: the i-th bit of viewMask is 0, or
1250:
1251: the i-th sub-identifier of X is equal to
1252: the i-th sub-identifier of the value of
1253: viewSubtree.
1254:
1255: If the value of this bit mask is M bits long and
1256: there are more than M sub-identifiers in the
1257: corresponding instance of viewSubtree, then the
1258: bit mask is extended with 1's to be the required
1259: length.
1260:
1261: Note that when the value of this object is the
1262: zero-length string, this extension rule results in
1263: a mask of all-1's being used (i.e., no 'wild
1264: card'), and the family of view subtrees is the one
1265: view subtree uniquely identified by the
1266: corresponding instance of viewSubtree."
1267: DEFVAL { ''H }
1268: ::= { viewEntry 3 }
1269:
1270: viewType OBJECT-TYPE
1271: SYNTAX INTEGER {
1272: included(1),
1273: excluded(2)
1274: }
1275: MAX-ACCESS read-create
1276: STATUS current
1277: DESCRIPTION
1278: "The status of a particular family of view
1279: subtrees within the particular SNMPv2 context's
1280: MIB view. The value 'included(1)' indicates that
1281: the corresponding instances of viewSubtree and
1282: viewMask define a family of view subtrees included
1283: in the MIB view. The value 'excluded(2)'
1284: indicates that the corresponding instances of
1285: viewSubtree and viewMask define a family of view
1286: subtrees excluded from the MIB view."
1287: DEFVAL { included }
1288: ::= { viewEntry 4 }
1289:
1290: viewStorageType OBJECT-TYPE
1291: SYNTAX StorageType
1292: MAX-ACCESS read-create
1293: STATUS current
1294: DESCRIPTION
1295: "The storage type for this conceptual row in the
1296: viewTable."
1297: DEFVAL { nonVolatile }
1298: ::= { viewEntry 5 }
1299:
1300: viewStatus OBJECT-TYPE
1301: SYNTAX RowStatus
1302: MAX-ACCESS read-create
1303: STATUS current
1304: DESCRIPTION
1305: "The status of this conceptual row in the
1306: viewTable."
1307: ::= { viewEntry 6 }
1308:
1309: -- conformance information
1310:
1311: partyMIBConformance
1312: OBJECT IDENTIFIER ::= { partyMIB 3 }
1313:
1314: partyMIBCompliances
1315: OBJECT IDENTIFIER ::= { partyMIBConformance 1 }
1316: partyMIBGroups
1317: OBJECT IDENTIFIER ::= { partyMIBConformance 2 }
1318:
1319:
1320: -- compliance statements
1321:
1322: unSecurableCompliance MODULE-COMPLIANCE
1323: STATUS current
1324: DESCRIPTION
1325: "The compliance statement for SNMPv2 entities
1326: which implement the Party MIB, but do not support
1327: any authentication or privacy protocols (i.e.,
1328: only the noAuth and noPriv protocols are
1329: supported)."
1330: MODULE -- this module
1331: MANDATORY-GROUPS { partyMIBGroup }
1332: ::= { partyMIBCompliances 1 }
1333:
1334:
1335: partyNoPrivacyCompliance MODULE-COMPLIANCE
1336: STATUS current
1337: DESCRIPTION
1338: "The compliance statement for SNMPv2 entities
1339: which implement the Party MIB, and support an
1340: authentication protocol, but do not support any
1341: privacy protocols (i.e., only the noAuth,
1342: v2md5AuthProtocol, and noPriv protocols are
1343: supported)."
1344: MODULE -- this module
1345: MANDATORY-GROUPS { partyMIBGroup }
1346: ::= { partyMIBCompliances 2 }
1347:
1348: partyPrivacyCompliance MODULE-COMPLIANCE
1349: STATUS current
1350: DESCRIPTION
1351: "The compliance statement for SNMPv2 entities
1352: which implement the Party MIB, support an
1353: authentication protocol, and support a privacy
1354: protocol ONLY for the purpose of accessing
1355: security parameters.
1356:
1357: For all aclTable entries authorizing a subject
1358: and/or target SNMPv2 party whose privacy protocol
1359: is desPrivProtocol, to be used in accessing a
1360: SNMPv2 context, the MIB view for that SNMPv2
1361: context shall include only those objects
1362: subordinate to partyMIBObjects, or a subset
1363: thereof, e.g.,
1364:
1365: viewSubtree = { partyMIBObjects }
1366: viewMask = ''H
1367: viewType = { included }
1368:
1369: Any attempt to configure an entry in the
1370: partyTable, the contextTable, the aclTable or the
1371: viewTable such that a party using the
1372: desPrivProtocol would be authorized for use in
1373: accessing objects outside of the partyMIBObjects
1374: subtree shall result in the appropriate error
1375: response (e.g., wrongValue or inconsistentValue)."
1376: MODULE -- this module
1377: MANDATORY-GROUPS { partyMIBGroup }
1378: ::= { partyMIBCompliances 3 }
1379:
1380: fullPrivacyCompliance MODULE-COMPLIANCE
1381: STATUS current
1382: DESCRIPTION
1383: "The compliance statement for SNMPv2 entities
1384: which implement the Party MIB, support an
1385: authentication protocol, and support a privacy
1386: protocol without restrictions on its use."
1387: MODULE -- this module
1388: MANDATORY-GROUPS { partyMIBGroup }
1389: ::= { partyMIBCompliances 4 }
1390:
1391:
1392: -- units of conformance
1393:
1394: partyMIBGroup OBJECT-GROUP
1394: minor error -
node `aclTarget' is an invalid member of group `partyMIBGroup'
1394: minor error -
node `aclSubject' is an invalid member of group `partyMIBGroup'
1395: OBJECTS { partyIndex, partyTDomain, partyTAddress,
1396: partyMaxMessageSize, partyLocal,
1397: partyAuthProtocol, partyAuthClock,
1398: partyAuthPrivate, partyAuthPublic,
1399: partyAuthLifetime, partyPrivProtocol,
1400: partyPrivPrivate, partyPrivPublic,
1401: partyStorageType, partyStatus,
1402: partyCloneFrom,
1403: contextIndex, contextLocal,
1404: contextViewIndex, contextLocalEntity,
1405: contextLocalTime, contextStorageType,
1406: contextStatus, aclTarget, aclSubject,
1407: aclPrivileges, aclStorageType, aclStatus,
1408: viewMask, viewType, viewStorageType, viewStatus }
1409: STATUS current
1410: DESCRIPTION
1411: "The collection of objects allowing the
1412: description and configuration of SNMPv2 parties.
1413:
1414: Note that objects which support proxy
1415: relationships are not included in this conformance
1416: group."
1417: ::= { partyMIBGroups 1 }
1418:
1419:
1420: END